Bottom Line


CND-JTF 80% to 90% complete 

Air Force cannot accept the CND-JTF
as currently envisioned

-Remaining critical issue is LE/CI 
coordination 

-All other issues are acceptable 



Overview 


• CND-JTF at a Glance
• Hot Issues
• Determining AFFOR



CND-JTF Background 


CND-JTF will direct and coordinate DoD reaction to
computer network attacks (CNA)

- Commander will be Maj Gen Campbell 

Will have component forces from Services for two 
key CND functions 

- Detecting and assessing CNA 

- Recommending countermeasures and restoring networks 
post-CNA 

AF must determine component force (AFFOR) and 
commander (COMAFFOR) 




CONOPS in a Nutshell


CND-JTF will 

- Monitor incidents, operations, vulnerabilities, intel threats 

• Leverage Intrusion Detection/Advisory Compliance System 

- Coordinate and Direct actions to stop/contain attacks 

- Perform Attack Assessments 

- Develop Intel Requirements for CND 

- Develop Plans & procedures to protect DoD networks 

- Participate in joint training exercises 


CND-JTF will not initiate offensive action 



CND-JTF C2 Relationships 



Service Components 

COMAFFOR 

COMARFOR 

COMNAVFOR 

COMMARFOR 


Other DoD Agencies 

(DSWA, DECA, etc.) 

DISA Collateral Networks 

(Supporting Agency) 



















Timeline 


• 15 to 26 Oct - Second CONOP coordination

• 20 Oct - VTC with CINCs (O-6 level)

• 21 Oct - OPSDEPs Tank for progress review

• 25 Oct - Charter to SECDEF for signature

• 26 Oct - AF must name initial cadre to Joint Staff

• 30 Oct - SECDEF progress review

• 30 Oct to 9 Nov - Final CONOP coordination

• NLT 30 Dec - IOC

• IOC + 180 days - FOC 
CND-JTF must have full-time
legal support (instead of 
borrowing DISA’s). Also, 
support must be SJA not GC. 


SAF/GCM 
SAF/IGX 
Army Concurs 


CND-JTF must have full-time
law enforcement and
counterintelligence


SAF/GCM
SAF/IGX
ASD/C3I Concurs


CND-JTF must not rely on DISA 
GOSC’s law enforcement 
personnel; use Services instead 


SAF/GCM 
SAF/IGX 
Navy Concurs 



Personnel Issues 


JTF predominantly manned by 
traditional operators -- will rely on DISA 
for much of its technical expertise 

Commander, deputy may both be AF 
causing Navy to non-concur 

Services must give names of initial 
cadre to Joint Staff NLT 26 Oct 



Directive Authority 


Per draft CONOP, CND-JTF will have
directive authority over component forces at 
INFOCON BRAVO 

- BRAVO: significant levels of probes/scans, 
targeting of specific DoD entity, or attacks 
with no impact on DoD operations 

JTF will have coordination authority only over 
CINC defensive actions 

Navy has resisted any JTF directive authority 
Needed AFFOR Capabilities


Provide network status 
Correlate incidents 

Provide status of ongoing
investigations


Per Draft CND-JTF CONOP

Perform Vulnerability 
Analysis and Assistance 
Program 

Maintain IAVA compliance

Analyze threats to Service 
networks 

Coordinate vulnerability 
assessments 

Conduct 24 X 7 ops 
Execute C2 IAW CONOP


Critical Capabilities 




Other Service Approaches 


• COMARFOR: Army Signal Command 

- ARFOR: Combination of ASC and LIWA 

• COMNAVFOR: Navy Telecommunications 
Command 

- NAVFOR: Combination of NAVTELCOM and 
FIWC 


AFFOR Need Not Match other Service Components 

AFCERT more capable than other CERTs 
Meets more needed component capabilities 

CND-JTF Expected CERTs as Service Components 
CND-JTF


Proposed AFFOR 
Relationships 


LE/CI 


AFOSI 


Provide Investigation 
Status (CI/LE Support) 


Provide Intrusion 
Detection Info 
Provide Attack 
Assessments 
Recommend 
Countermeasures 
Implement 
Countermeasures 


COMAFFOR 

AFIWC/CC 



Correlate Incidents 
Analyze Threats 
Maintain IAVA
Compliance 

Coordinate Vulnerability 
Assessments 


AFNOC 

NOSCs 
NCCs 


Provide Network 
Status 

Analyze Threats 
Correlate Incidents 
Recommend 
Countermeasures 
Implement 
Countermeasures 
Restore Networks 


























JTF Manpower 


AF Billets 

Intel Analyst (O-4, 14N) Cadre
Def IO Officer (O-4, 33SX)

Watch Officer (O-4, 13SX) Cadre
Def IO Planner (O-4, 11XX)

Commander (O-8)

Dep Cmdr (O-6) (Nominated)


Billets by Specialty


Operators: 10 of 19 
Comm: 4 of 19 
Intel: 5 of 19 







Doctrinal Basis for AFFOR 

AFDD 2-5 


AFDD 2-5: successful military operations must 

carefully integrate both OCI and DCI elements.” 
AFDD 2-5: established as the 

for computer security 

incidents and vulnerabilities. The AFCERT 
coordinates the AFIWC’s technical resources to

for 

computer security incidents and vulnerabilities 
reported [by] Network Control Centers, IWS, and 
NOSC.” 



AFFOR Tasking Flow 




AFOSI 










JTF-CND Update 

JTF will direct/coordinate DoD computer defenses 

- JTF Paperwork 90% Complete; IOC no later than 30 Dec 98 

IC very protective of Intel networks, DCI authorities

- IC will submit to JTF coordination authority as well as report 
network status and incidents to JTF 

- JTF and CMS will undertake MOA on specifics 

JTF purposefully lean ... J2 cell only 5 people 

- will generate PIRs, monitor I&W, help analyze specific
attacks. Must depend on remainder of IC for all else

- AF has one O-4 in the J2; exact person still TBD

AF has one outstanding issue 

- JTF must have full-time body for LE/CI coordination 


